A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user.

Advisory may be found at: http://www.cert.org/advisories/CA-2000-02.html

Should we react to this with respect to the Squeak Swiki regarding <SCRIPT> tags?